The FBI is reportedly joining the investigation into who is behind the attack on Sony Pictures' computer network. Sony also is said to have hired the security firm Mandiant to look into last week's hack.
The attack, which took place last Monday, took down the computer network of Sony's movie-making division, after briefly displaying the message "Hacked by #GOP," a reference to a group referring to itself as the "Guardians of Peace."
A New Kind of Hack
The involvement of the FBI, reported by Reuters, is not unusual, said Patrick Moorhead, president and principal analyst at Moor Insights and Strategy.
"This is a normal response for a theft of this magnitude, which is in the hundreds of millions of dollars," Moorhead told us. "The FBI is interested in other attacks, but this got a lot of attention given the players."
We reached out to Todd Harris, director at Core Security, a network security consulting company, who said that many hack attacks are, in some ways, the result of a failure to follow basic security protocols.
"We've seen lots of 'classic' breaches over the past year. These are the ones that happen because Security 101 best practices aren't being followed," Harris said. "While CISOs [Chief Information Security Officers] are sweating over zero-days, known vulnerabilities are being exploited. Inconsistent patching and outdated software are leaving organizations exposed."
Nevertheless, the attack on Sony represents something of a new development in hacking, Harris told us. "In many ways, this week's Sony Pictures breach was a deviation from that norm, and it's worth taking a look at this interesting blend of hacktivism, social engineering, intellectual property theft, and ransom. I'm sure it's about more than Sony not giving up Spider-Man rights to Marvel.
"Not only was the entire network disabled, but the attackers put 1980s-esque graphics and a semi-threatening message in broken English on everyone's computers. They apparently stole source code and 'private keys to access servers,' which could be SSH keys or private keys of digital certificates. Aside from being embarrassing, the theft of these technical materials could have long-term effects, and lead to more hacks."
According to a report by Re/code, Sony is looking into the possibility that the North Korean government is behind the Guardians of Peace, who may be working out of China. North Korea has been angry with Sony since word got out of the plot of its upcoming movie "The Interview," starring James Franco and Seth Rogen, about two journalists recruited by the CIA to assassinate North Korean dictator Kim Jong-un. The country reportedly wrote to President Obama in an attempt to have the film censored, and wrote to the secretary general of the United Nations to protest its release. North Korea also vowed it would respond with "merciless counter-measures."
Whoever was behind the attack, they may have been able to penetrate Sony's defenses by compromising only one server and spreading out from there.
"Big companies have large amounts of attack surface," Harris said. "Sony has partners, media channels and gaming networks. Creating a traditional layered defense for the full attack surface is challenging. A 'hard on the outside, chewy on the inside' approach doesn't work here."
Moorhead called the breach at Sony "a huge black mark."
"This is extremely damaging for Sony," he said. "The ramifications are huge, as Sony's ecosystem will now question their level of security and ability to keep secrets inside the company."
Sony is no stranger to devastating cyber attacks. In August a denial-of-service attack disrupted Sony's gaming network, and a massive 2011 breach exposed 77 million user accounts.